Most past work on honeypots has made two assumptions: (i) they assume that the only defensive measure used is a honeypot mechanism, and (ii) they do not consider both rational and subrational adversaries and do not reason with an adversary model when placing honeypots. However, real-world system security officers use a mix of instruments such as traditional defenses (e.g. firewalls, intrusion detection systems), and honeypots form only one portion of the strategy. Moreover, the placement of traditional defenses and honeypots cannot be done independently. In this paper, we consider a Stackelberg-style game situation where the defender models the attacker and uses that model to identify the best placement of traditional defenses and honeypots. We provide a formal definition of undamaged asset value (i.e. the value that is not compromised by the attacker) under a given defensive strategy and show that the problem of finding the best placement so as to maximize undamaged asset value is NP-hard. We propose a greedy algorithm and show via experiments, both on real enterprise networks and on ones generated by the well-known network simulation tool NS-2, that our algorithm quickly computes near optimal placements. As such, our method is both practical and effective.
F.H.Abbasi, R.J.Harris, G.Moretti, A.Haider and N.Anwar, Classification of malicious network streams using honeynets, in: GLOBECOM, 2012.
2.
L.Ablon, M.C.Libicki and A.A.Golay, Markets for Cybercrime Tools and Stolen Data: Hackers’ Bazaar, RAND Corporation, 2014.
3.
P.Aggarwal, Z.Maqbool, A.Grover, V.Pammi, S.Singh and V.Dutt, Cyber security: A game-theoretic analysis of defender and attacker strategies in defacing-website games, in: CyberSA, 2015.
4.
E.S.Al-Shaer and H.H.Hamed, Discovery of policy anomalies in distributed firewalls, in: INFOCOM, 2004.
5.
M.Bercovitch, M.Renford, L.Hasson, A.Shabtai, L.Rokach and Y.Elovici, HoneyGen: An automated honeytokens generator, in: ISI, 2011.
C.-M.Chen, S.-T.Cheng and R.-Y.Zeng, A proactive approach to intrusion detection and malware collection, Security and Communication Networks6(7) (2013), 844–853. doi:10.1002/sec.619.
8.
K.H.Chung and H.Jo, The impact of security analysts’ monitoring and marketing roles on the market value of firms, Journal of Financial and Quantitative Analysis31(4) (1996), 493–512. doi:10.2307/2331357.
9.
P.Cintula, F.Esteva, J.Gispert, L.Godo, F.Montagna and C.Noguera, Distinguished algebraic semantics for t-norm based fuzzy logics: Methods and algebraic equivalencies, Annals of Pure and Applied Logic160(1) (2009), 53–81. doi:10.1016/j.apal.2009.01.012.
10.
A.Clark, K.Sun, L.Bushnell and R.Poovendran, A game-theoretic approach to IP address randomization in decoy-based cyber defense, in: GameSec, 2015.
11.
W.R.Claycomb, Detecting insider threats: Who is winning the game?, in: International Workshop on Managing Insider Security Threats, 2015.
12.
R.Dewri, N.Poolsappasit, I.Ray and D.Whitley, Optimal security hardening using multi-objective optimization on attack tree models of networks, in: CCS, 2007.
13.
R.Dewri, I.Ray, N.Poolsappasit and D.Whitley, Optimal security hardening on attack tree models of networks: A cost-benefit analysis, Int. J. of Information Security11(3) (2012), 167–188. doi:10.1007/s10207-012-0160-y.
14.
G.Dhillon and G.Torkzadeh, Value-focused assessment of information system security in organizations, Information Systems Journal16(3) (2006), 293–314. doi:10.1111/j.1365-2575.2006.00219.x.
15.
M.R.Garey and D.S.Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W. H. Freeman & Co., New York, NY, USA, 1979.
16.
R.Grimes, Why patching is still a problem – and how to fix it, CSO Magazine (2016). http://www.csoonline.com/article/3025807/data-protection/why-patching-is-still-a-problem-and-how-to-fix-it.html.
17.
Z.Han, N.Marina, M.Debbah and A.Hjørungnes, Physical layer security game: How to date a girl with her boyfriend on the same table, in: GameNets, 2009.
18.
T.Issariyakul and E.Hossain, Introduction to Network Simulator NS2, Springer Publishing Company, Incorporated, 2008.
19.
S.Jajodia, S.Noel, P.Kalapa, M.Albanese and J.Williams, Cauldron: Mission-centric cyber situational awareness with defense in depth, in: MILCOM, 2011.
20.
S.Jajodia, P.Shakarian, V.S.Subrahmanian, V.Swarup and C.Wang (eds), Cyber Warfare – Building the Scientific Foundation, Advances in Information Security, Vol. 56, Springer, 2015.
21.
R.L.Keeney, Value-Focused Thinking: A Path to Creative Decisionmaking, Harvard University Press, 1996.
22.
R.L.Keeney, Value-focused thinking: Identifying decision opportunities and creating alternatives, European Journal of Operational Research92(3) (1996), 537–549. doi:10.1016/0377-2217(96)00004-5.
23.
C.Kiekintveld, V.Lisý and R.Píbil, Game-theoretic foundations for the strategic use of honeypots in network security, in: Cyber Warfare – Building the Scientific Foundation, 2015, pp. 81–101.
A.Krause, J.Leskovec, C.Guestrin, J.VanBriesen and C.Faloutsos, Efficient sensor placement optimization for securing large water distribution networks, Journal of Water Resources Planning and Management134(6) (2008), 516–526. doi:10.1061/(ASCE)0733-9496(2008)134:6(516).
26.
R.P.-Lippmann, J.F.Riordan, T.H.Yu and K.K.Watson, Continuous Security Metrics for Prevalent Network Threats: Introduction and First Four Metrics, Technical Report, MIT Lincoln Laboratory, 2012.
27.
K.J.R.Liu and B.Wang, Cognitive Radio Networking and Security: A Game-Theoretic View, Cambridge University Press, New York, NY, USA, 2010. doi:10.1017/CBO9780511778773.
28.
T.F.Lunt, A survey of intrusion detection techniques, Computers & Security12(4) (1993), 405–418. doi:10.1016/0167-4048(93)90029-5.
29.
K.-w.Lye and J.M.Wing, Game strategies in network security, Int. J. of Information Security4(1–2) (2005), 71–86. doi:10.1007/s10207-004-0060-x.
30.
M.H.Manshaei, Q.Zhu, T.Alpcan, T.Bacşar and J.-P.Hubaux, Game theory meets network security and privacy, ACM Comput. Surv.45(3) (2013), 25.
31.
P.Mell, T.Bergeron and D.Henning, Creating a Patch and Vulnerability Management Program, NIST Sp. Publ. 800-40, Version 2.0, 2005.
G.L.Nemhauser, L.A.Wolsey and M.L.Fisher, An analysis of approximations for maximizing submodular set functions – I, Math. Program.14(1) (1978), 265–294. doi:10.1007/BF01588971.
S.Osborn, R.Sandhu and Q.Munawer, Configuring role-based access control to enforce mandatory and discretionary access control policies, ACM Transactions on Information and System Security3(2) (2000), 85–106. doi:10.1145/354876.354878.
36.
N.Poolsappasit, R.Dewri and I.Ray, Dynamic security risk management using Bayesian attack graphs, IEEE Trans. Dependable Secur. Comput.9(1) (2012), 61–74. doi:10.1109/TDSC.2011.34.
37.
F.Pouget and M.Dacier, Honeypot, Honeynet: A comparative survey, in: Institut Eurecom, 2003.
38.
M.Rasouli, E.Miehling and D.Teneketzis, A supervisory control approach to dynamic cyber-security, in: GameSec, 2014.
39.
M.Raya, M.H.Manshaei, M.Félegyhazi and J.-P.Hubaux, Revocation games in ephemeral networks, in: CCS, 2008.
40.
T.Schelling, The Strategy of Conflict, Harvard University Press, 1992.
41.
E.Serra, S.Jajodia, A.Pugliese, A.Rullo and V.S.Subrahmanian, Pareto-optimal adversarial defense of enterprise systems, ACM Trans. Inf. Syst. Secur.17(3) (2015), 11. doi:10.1145/2699907.
42.
A.Shabtai, Y.Elovici and L.Rokach, Data leakage detection/prevention solutions, in: A Survey of Data Leakage Detection and Prevention Solutions, Springer, 2012, pp. 17–37. doi:10.1007/978-1-4614-2053-8_4.
43.
P.Shakarian, D.Paulo, M.Albanese and S.Jajodia, Keeping intrudors at large: A graph-theoretic approach to reducing the probability of successful network intrusions, in: SECRYPT, 2014.
44.
G.F.Stocco and G.Cybenko, Exploiting adversary’s risk profiles in imperfect information security games, in: GameSec, 2011.
45.
L.Xiao, Y.Chen, W.S.Lin and K.J.R.Liu, Indirect reciprocity security game for large-scale wireless networks, Trans. Info. For. Sec.7(4) (2012), 1368–1380. doi:10.1109/TIFS.2012.2202228.
46.
G.Yan, Y.Kucuk, M.Slocum and D.C.Last, A Bayesian cogntive approach to quantifying software exploitability based on reachability testing, in: ISC, 2016.
47.
A.Younis, Y.K.Malaiya and I.Ray, Assessing vulnerability exploitability risk using software properties, Software Quality Journal24(1) (2016), 159–202. doi:10.1007/s11219-015-9274-6.
48.
Y.Zhang and B.A.Prakash, DAVA: Distributing vaccines over networks under prior information, in: ICDM, 2014.
49.
Q.Zhu, H.Li, Z.Han and T.Basar, A stochastic game model for jamming in multi-channel cognitive radio systems, in: ICC, 2010.
